无法解析 AuthorizationManagerRequestMatcherRegistry 中的方法“antMatchers()”

问题描述 投票:0回答:4

我目前正在关注 Spring 文档 和一些有关网络安全的教程。但现在我有一个问题,我无法调用该方法

antMatchers
。这是我在构建项目时遇到的错误:

java: cannot find symbol
  symbol:   method antMatchers(java.lang.String)
  location: variable requests of type org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>.AuthorizationManagerRequestMatcherRegistry

根据我的理解,我应该能够使用这个方法,这样我就可以允许或不允许对某个URL的HTTP请求。所以我的问题是,为什么我不能使用 

antMatchers()
方法?

SecurityConfiguration
班级:

package de.gabriel.vertretungsplan.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests((requests) -> requests
                        .antMatchers("/vertretungsplan").hasAnyRole("SCHUELER", "LEHRER", "VERWALTUNG")
                        .anyRequest().authenticated()
                )
                .formLogin((form) -> form
                        .loginPage("/login")
                        .permitAll()
                )
                .logout((logout) -> logout.permitAll());

        return http.build();
    }

}


pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.0.0</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>de.gabriel</groupId>
    <artifactId>vertretungsplan</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>vertretungsplan</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>17</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>com.mysql</groupId>
            <artifactId>mysql-connector-j</artifactId>
            <scope>runtime</scope>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>
java spring spring-boot spring-mvc spring-security
4个回答
45
投票

antMatchers()
以及 
mvcMathcers()
 
regexMatchers()
)中,已在 Spring Security 6.0 中弃用并删除。因此,您不能在 Spring Boot 3 项目中使用它们。

如果您想知道此更改背后的理由是什么,请查看此链接:弃用尾部斜杠匹配

重载方法 

requestMatchers()
被提供作为保护请求的统一方法。它促进了已从 API 中删除的配置方法的所有功能。

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
        .authorizeHttpRequests(requests -> requests
            .requestMatchers("/vertretungsplan").hasAnyRole("SCHUELER", "LEHRER", "VERWALTUNG")
            .anyRequest().authenticated()
        )
        .formLogin(form -> form
            .loginPage("/login")
            .permitAll()
        )
        .logout(logout -> logout
            .permitAll());
    
    return http.build();
}
0
投票
如果您正在谈论请求,则

RequestMatcher 可以工作,但如果您在 AuthorizeHttpRequests 之前使用 antMatchers,现在您需要使用 .securityMatcher

像这样:

    http
    .securityMatcher("/api/**", "/app/**")
    .authorizeHttpRequests((authz) -> authz
        .requestMatchers("/api/admin/**").hasRole("ADMIN")
        .anyRequest().authenticated()
    );

查看 Spring 文档中的更多内容: Spring 文档

将这个遮阳篷留在这里,因为这是我需要的解决方案。

0
投票

最好的解决方案在这里:

https://docs.spring.io/spring-security/reference/5.8/migration/servlet/config.html

第二个附加信息也在这里: https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter

-1
投票

.requestMatchers("/assets/**").permitAll()

对我有用,但请确保检查您的链接与您插入的位置相同

例如

If you use:
  <link href="assets/css/style.css" rel="stylesheet">
  
Here you need to use:
  .requestMatchers("/assets/**").permitAll()
  
If you use:
  <link href="resources/**" rel="stylesheet">
  
Here you need to use:
  .requestMatchers("/resources/**").permitAll()

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.